Card Unlocked

Privacy Policy

DRAFT: this is a starting draft for review by qualified counsel before you rely on it. It is not yet legal advice.

Effective date: June 7, 2026

This Privacy Policy explains how Card Unlocked ("CardUnlocked," "we," "us," or "our") collects, uses, and shares information when you use cardunlocked.com and our related services (the "Service"). We built CardUnlocked to show you the dollar value of credit card benefits you are not using (we call this "the Gap") and to help you recover that value. We wrote this policy in plain language because we want you to actually understand it.

By using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.

A quick summary

We try to keep this simple, so here is the short version. The sections below give the full detail.

  • We collect your email address, the cards you tell us you have, how you say you use their benefits, and a few optional things like spending estimates and household labels.
  • We do not ask for or store your bank login, your actual credit card numbers, or your Social Security number, and we do not pull your credit.
  • We never sell your personal information.
  • We share data only with the trusted companies that help us run the Service (sign-in, payments, storage, and hosting).
  • When you delete your account, we delete your data. Account deletion triggers a full purge of your records.

1. Information we collect

We only collect what we need to run the Service. Here is what that includes.

Information you give us directly:

  • Account information. Your email address, which you provide when you create an account. If you sign in with Google, we receive basic profile information (such as your name and email) from Google so we can create and secure your account.
  • The cards you select. When you build your wallet, you choose cards from a public catalog we maintain. We store a reference to the cards you picked. We do not collect or store your actual credit card numbers.
  • Self-reported benefit usage. Your answers about which card benefits you do or do not use, so we can calculate your Gap.
  • Optional spending information. Estimated amounts you spend by category (for example, dining or travel), only if you choose to enter them. These are your own estimates, not data pulled from any account.
  • Card anniversary months. The month a card's annual fee renews, if you enter it, so we can time renewal reminders.
  • Optional household labels. Simple labels you may add for household members (for example, "partner"), if you use household features. These are labels you create, not identities we verify.

Information related to payments.

If you subscribe to Premium, our payment processor (Stripe) collects and processes your payment details directly. We do not receive or store your full card number. We receive limited information from Stripe such as your subscription status, billing dates, and the result of a payment so we can manage your subscription.

Information we collect automatically.

When you use the Service, we and our analytics provider automatically receive limited technical information, such as your device type, browser, general location inferred from your IP address, and the pages you view. We use a privacy-friendly analytics provider (Vercel Analytics) that does not track you across other websites for advertising and does not build an advertising profile of you.

What we do NOT collect.

To be clear, CardUnlocked does not collect, request, or store:

  • bank or financial-account login credentials,
  • access to your bank or card accounts through Plaid or any similar service,
  • your actual credit or debit card numbers,
  • your Social Security number, and
  • credit reports or credit scores (we do not perform credit pulls).

2. How we use your information

We use the information above to:

  • create, secure, and manage your account;
  • calculate your Gap, action plan, renewal advice, and other results;
  • show you personalized insights based on the cards and usage you report;
  • process your Premium subscription and send related billing messages;
  • send you Service-related communications (for example, account, security, or benefit reminders);
  • understand how the Service is used so we can improve it; and
  • protect the Service against fraud, abuse, and security threats, and comply with the law.

3. Service providers we share information with

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only with the service providers that help us operate the Service, and only so they can perform their function for us. These include:

ProviderWhat it does for usWhat it handles
ClerkAuthentication and account managementYour email, sign-in credentials, and (if you use Google sign-in) basic Google profile info
StripePayment processing for PremiumYour payment details, which it collects directly, plus billing and subscription data
SupabaseDatabase and storageYour account data, selected cards, benefit usage, and other Service data
VercelWebsite hosting and privacy-friendly analyticsTechnical and usage information needed to serve and measure the site

Each of these providers acts as our processor and is permitted to use the data only to provide its service to us. We may update this list as our providers change. For payments, Stripe also processes your information under its own privacy policy as the company that handles your card details directly.

We may also disclose information if required by law, to respond to lawful requests or legal process, to protect the rights, property, or safety of CardUnlocked, our users, or others, or in connection with a merger, acquisition, or sale of assets (in which case we will continue to protect your information under this policy or notify you of any change).

4. Affiliate relationships

CardUnlocked earns money in two ways: Premium subscriptions, and affiliate commissions when some users apply for a card we recommend through an affiliate link. We want to be direct about this.

Affiliate relationships never influence how we value benefits or rank cards. Our valuations and rankings are based on the benefit data and your inputs, not on which companies pay us a commission. If we earn a commission on a recommendation, that has no effect on whether or how highly we recommend a card to you.

Affiliate links do not collect extra personal information from you on our behalf. If you click through to a card issuer or partner, that company's own privacy policy governs what happens on its site.

5. Cookies and analytics

We use a small number of cookies and similar technologies that are necessary to keep you signed in, keep the Service secure, and remember basic preferences. We also use privacy-friendly analytics to understand how the Service is used in aggregate.

We do not use advertising cookies or cross-site tracking to build an advertising profile of you. You can control cookies through your browser settings, though turning off necessary cookies may affect how the Service works.

6. Data retention and deletion

We keep your personal information only as long as we need it to provide the Service to you, or as long as the law requires.

You can delete your account at any time, and we honor it. When you delete your account, this triggers an automated process that performs a full purge of your records across our systems. That includes the cards you selected, your benefit usage, any spending data, anniversary months, household labels, and your related account records. We do this through an automated webhook so the deletion is carried out consistently and completely.

A few practical notes:

  • Some limited information may remain for a short period in routine backups, which age out on a normal cycle, and we do not restore deleted data from them for ordinary use.
  • Our payment processor (Stripe) may retain certain transaction records it is legally required to keep for tax, accounting, or fraud-prevention purposes, under its own policies. That is standard for payment processing and is outside the data we control.
  • We may retain limited information where the law requires us to.

If you want to delete your account or your data and need help, contact us at privacy@cardunlocked.com.

7. How we protect your information

We take reasonable steps to protect your information. User data is encrypted, we limit who can access it, and we rely on established providers (Clerk, Stripe, Supabase, and Vercel) that maintain their own security practices. No method of transmission or storage is completely secure, so while we work hard to protect your information, we cannot guarantee absolute security.

A reminder that helps keep you safe: we never ask for your bank login or your full card number, so you should never send those to us.

8. Children's privacy

The Service is intended for adults and is not directed to children. We do not knowingly collect personal information from anyone under 13 years of age. If you believe a child under 13 has provided us personal information, please contact us at privacy@cardunlocked.com and we will delete it.

9. Your privacy rights (including California / CCPA)

Depending on where you live, you may have rights regarding your personal information. We extend the following rights to our users:

  • Know and access. You can ask what personal information we have about you and request a copy.
  • Delete. You can delete your account and your data, as described in Section 6.
  • Correct. You can update much of your information directly in the Service, or ask us to correct it.
  • Opt out of sale or sharing. We do not sell your personal information and we do not share it for cross-context behavioral advertising, so there is nothing to opt out of, but you have the right to direct us not to.
  • No discrimination. We will not treat you differently for exercising any of these rights.

For California residents (CCPA / CPRA): California law gives residents the rights described above. In the past 12 months, the categories of personal information we have collected are described in Section 1 (identifiers such as your email, commercial information such as your subscription and the cards you report, internet activity such as usage data, and the optional information you choose to provide). We collect it for the business purposes in Section 2 and share it with the service providers in Section 3. We do not sell personal information and we do not share it for cross-context behavioral advertising.

To exercise any of these rights, contact us at privacy@cardunlocked.com. We may need to verify your identity before acting on your request, and you may use an authorized agent where the law allows.

10. International users

We operate the Service in the United States and are intended for users in the United States. If you access the Service from outside the United States, your information will be processed in the United States, where privacy laws may differ from those in your location.

11. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Effective date" above and, where appropriate, give you additional notice (for example, by email or a notice in the Service). Your continued use of the Service after an update means you accept the revised policy.

12. How to contact us

If you have questions about this Privacy Policy or how we handle your information, contact us at:

Card Unlocked privacy@cardunlocked.com